Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-23 | CVE-2015-8855 | Resource Management Errors vulnerability in Nodejs Node.Js The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)." | 7.5 |
| 2017-01-23 | CVE-2015-8854 | The marked package before 0.3.4 for Node.js allows attackers to cause a denial of service (CPU consumption) via unspecified vectors that trigger a "catastrophic backtracking issue for the em inline rule," aka a "regular expression denial of service (ReDoS)." | 7.5 |
| 2017-01-23 | CVE-2015-8315 | Unspecified vulnerability in Vercel MS The ms package before 0.7.1 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)." | 7.5 |
| 2017-01-23 | CVE-2015-4626 | Numeric Errors vulnerability in Treasuryxpress C2Box B.A.S C2Box before 4.0.0 (r19171) relies on client-side validation, which allows remote attackers to "corrupt the business logic" via a negative value in an overdraft. | 7.5 |
| 2017-01-23 | CVE-2017-5570 | SQL Injection vulnerability in Eclinicalworks Patient Portal 7.0 An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. | 8.8 |
| 2017-01-23 | CVE-2017-5182 | Information Exposure vulnerability in Novell Open Enterprise Server 11.0/2.0/2015 Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total information disclosure. | 7.5 |
| 2017-01-23 | CVE-2017-5563 | Out-of-bounds Read vulnerability in Libtiff 4.0.7 LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff. | 8.8 |
| 2017-01-23 | CVE-2017-5556 | Out-of-bounds Read vulnerability in Foxitsoftware Foxit Reader and Phantompdf The ConvertToPDF plugin in Foxit Reader before 8.2 and PhantomPDF before 8.2 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image. | 8.1 |
| 2017-01-23 | CVE-2017-5554 | Improper Authentication vulnerability in Oneplus Oxygenos 3.2.8/3.5.4 An issue was discovered in ABOOT in OnePlus 3 and 3T OxygenOS before 4.0.2. | 8.1 |
| 2017-01-23 | CVE-2016-10156 | Permissions, Privileges, and Access Controls vulnerability in Systemd Project Systemd 228 A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. | 7.8 |